Contact Us Today to Receive a Free Dark Web Scan by our Team of Security Experts

Logo
LogoLogo

Essential Practices to Protect Your Law Firm From Cyber Attacks

  1. Home
  2. Best Practices
  3. Essential Practices to Protect Your Law Firm From Cyber Attacks
JDL Essentials for Law Firms Cybersecurity
Nov 12,2019

Essential Practices to Protect Your Law Firm From Cyber Attacks

Best Practices, Data Breach, Law Firms, Security

As we look back on October, Cybersecurity Awareness Month, it is important to understand the state of the legal industry and how much more can be done to increase security and awareness in general. Thanks to the ABA’s 2018 Legal Technology Report, we have listed statistics that we found to be eye-opening. Not surprisingly, the smaller the firm, the less likely it was to have a policy covering document retention, remote access, social media, personal technology and employee privacy.  Moving forward, it’s important to take the lessons learned in the last month and determine where your organization is lacking cyber protection, then take action to protect your business.

Document retention cybersecurity best practices 

The effect on organizations that hoard data can be catastrophic.  The more personal information a company has in its possession, the more information it has to lose in a cyber attack, and the higher the financial and reputational costs.  As we’ve seen in the media, breaches are happening more than ever. In addition to taking every measure possible to prevent a breach, it’s imperative to create a strategy to ensure that in the unfortunate event there is a breach, there is as little damage as possible. Incident response planning, training, and ensuring that your organization only retains the data necessary to operate your business, is key to a successful retention plan. Make sure your data retention plan takes into account any data retention laws a company may be subject to.

Remote access cybersecurity best practices

The failure of security measures when accessing networking devices, servers, desktops, or databases remotely– whether that access is through a website, application, or a direct connection by a person, can be the weak spots that will make you vulnerable to a cyber attack. Here are steps to take to make these remote connections more secure and less likely to result in a security breach. 

  • Be sure to change default usernames and passwords, using weak usernames and passwords, and using insecure communication protocols.
  • Get visibility into who is accessing an organization’s critical systems
  • Store the credentials in a locked and safe environment
  • Implement live monitoring and session recording
  • Deploy analytics tools

Social media cybersecurity best practices 

It’s no surprise that employees are on social media often, and it’s also probable that your business is on social media as well.  Social media platforms are another avenue where hackers can get in to implement a successful cyber attack.  But there are ways you can keep your company’s social media safe.

  • Hold security awareness training on the dangers of social media for employees  
  • Limit Private Company Information On Social Networks
  • Some social media platforms reset privacy settings every time the platform gets updated. Since you never know when a security setting may get changed, it is vital to check these settings regularly. 
  • Ensure your company software is consistently updated.
  • Update Connected Apps – While these apps are useful or even necessary, they are not without vulnerabilities and cyber security risks
  • Close any accounts that are no longer used or have been inactive for a while, to avoid them being hacked and used to access and compromise active accounts.

Personal technology cybersecurity best practices 

Smartphones and tablets have become constant companions, and hackers continually find new ways to break into them.  Many people believe their iPhone or Android devices are secure by default, but in reality it is up to the user to make security configuration changes to ensure protection.  There are a number of steps you can take to reduce the risks they pose as well as address related legal, privacy, and security requirements. The steps are similar to those involved with many other security issues—such as powerful program and policy creation, risk assessment, technology implementation, communication, and continuous monitoring and evaluation—but are tailored to mobile devices.

Employee privacy cybersecurity best practices 

Clear policies are the key when dealing with employee privacy when it comes to monitoring employees’ digital activities in the workplace. To properly maintain cybersecurity and protect confidential information, companies need to monitor the activities of their employees more than ever.  There is a delicate balance required for successful protection through employee activity tracking.  You need to really consider two things: 

  1. Reasonable efforts to find wrongdoing or carelessness that could harm the company 
  2. Respecting employees, reasonable expectation of privacy.  

The most important step employers can take to reduce the risk of inadvertently infringing on employees’ privacy rights is to have clear policies.

By the Numbers: Legal Technology Survey

  • Twenty-three percent of respondents reported that their firm had been breached at some point.
  • Of those reporting that they had been breached, the percentage breached generally increased with firm size until you got to large firms: 14 percent were solos, 24 percent were firms with two to nine attorneys, 24 percent were firms with 20 to 49 attorneys, 42 percent with 50 to 99 attorneys and about 31 percent with 100 or more attorneys.
  • Sixty percent reported that their firms had not experienced a data breach. It is important to note that it is extremely possible that many firms experienced a breach and never detected it.
  • About 9 percent of those breached notified clients, and 14 percent notified law enforcement.
  • Of those breached, 41 percent reported downtime and/or loss of billable hours, 40 percent reported consulting fees for remediation of the problems, 11 percent reported loss or destruction of files and 27 percent reported replacement of hardware and/or software.
  • Forty percent reported experiencing an infection with viruses/malware/spyware, with the greater number occurring in firms with two to 49 attorneys and the lowest in firms with 500 or more attorneys.
  • Twenty-nine percent reported using encryption of email for confidential or privileged data sent to clients.
  • Twenty-four percent reported using full-drive encryption, a low number in this day and age.

For more information on a free dark web scan and how to protect your law firm, contact the JDL team at 973-607-2140.

SOURCES

https://www.us-cert.gov/sites/default/files/ICSJWG-Archive/QNL_DEC_15/Leemon_Leverage_IT_Cyber_Security_Best_Practices_FINAL.pdf

https://www.govinfosecurity.com/5-steps-to-secure-remote-access-a-1247

Best Practices for Securing Remote Access Connections
9 Social Media Security Best Practices To Prevent Data Breaches

https://medium.com/continuum-grc/social-media-cyber-security-risks-and-best-practices-for-businesses-54b265582d55

13 Social Media Security Best Practices
0
Related Posts
Aug 04,2020
Broadband Bonding – Fast, Secure and Reliable Internet Connectivity
COVID-19, Education, Security
May 23,2020
Changes in Education due to pandemic
COVID-19, Education, Security
Mar 02,2020
Phishing Attack + IT Incompetence = $200,000 Ransomware Payout for University
Education, Ransomware, Security, Uncategorized
Feb 18,2020
Why schools are “Failing” in Cyber-Security
Education, Ransomware, Security
Jan 21,2020
Keeping Your Firm Compliant with the New York SHIELD Act Law
Best Practices, Law Firms, Security
Jan 15,2020
Law Firm Security: The Basics
Best Practices, Law Firms, Ransomware, Security
Jan 14,2020
Cyber Attackers Targeting Education
Education, Ransomware, Security
ransomware protection
Nov 19,2019
Email Threats to Harm Law Firms into the Next Decade
Data Breach, Law Firms, MSSP, Security
Nov 18,2019
3 Approaches School Districts Can Take To Protect Against Increasing Cyber Attacks
Best Practices, Education, Security
Security Assessment
Nov 04,2019
Why Security Assessments Are Essential for Law Firms
Best Practices, Law Firms, Security
Ransomware Attack Disrupts Court Cases
Oct 28,2019
TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines
Data Breach, Law Firms, Ransomware, Security
Ways to protect your law firm JDL
Oct 14,2019
5 Ways Law Firms Can Protect Their Sensitive Client Data
Best Practices, Data Breach, Law Firms, Ransomware, Security, Uncategorized
JDL Keys to law firm cybersecurity
Sep 17,2019
Key Steps to Follow for Law Firm Cybersecurity
Best Practices, Data Breach, Law Firms, Security
Aug 28,2019
First Ever 2019 NYSBA Technology Summit
Best Practices, Law Firms, Security
5 Steps to Stop a Breach of Your Law Firm
Aug 08,2019
5 Steps to Stop a Breach of Your Law Firm
Best Practices, Data Breach, Law Firms
Top 3 Reasons Your Law Firm Needs an MSSP
Jul 29,2019
Top 3 Reasons Your Law Firm Needs an MSSP
Best Practices, Law Firms
Healthcare Cyber Security
Apr 10,2019
Managing Risks in Healthcare Cyber Security
Best Practices, Health Care, Security
Mar 21,2019
Three Methods Schools Can Use To Improve Cyber Security
Best Practices, Security
Jan 14,2019
Creating a Cybersecurity Culture
Best Practices, Insider Threats, Security
Jan 02,2019
Small Business Cyber Security
Security
Dec 17,2018
The Rise of SD-WAN
Security
Nov 30,2018
The Corporate Cloud: Cloud Security
Security
Abstract AI Art
Nov 08,2018
The Rise and Risk of IoT Devices in the Workplace
Security
IT Support with two computers
Oct 18,2018
Protecting Your Law Firm in 2019: Part 2
Law Firms, Security
Masked Hacker with laptop
Sep 24,2018
Protecting Your Law Firm in 2019: Part 1
Law Firms, Uncategorized
JDL Group | Mobile Security NY, NJ, PA
Sep 04,2018
5 Tips to Keep Your Mobile Workforce Safe and Secure
Best Practices, Insider Threats, Security
Mobile Ransomware graphic
Aug 21,2018
Defining the Eight Most Nefarious Cyber Threats.
Best Practices, Data Breach, Security
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
Jul 28,2018
Failing the Phish Test
Best Practices, Data Breach, Insider Threats, Security
World Cup Game
Jun 21,2018
New Phishing Campaigns are Targeting World Cup Fans 
Alerts, Best Practices, Security
data privacy NJ
Jun 07,2018
FBI Issues Malware Public Service Announcement, Learn How to Protect Your Data
Alerts, Best Practices, Security
Server cooling fan
May 23,2018
After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 
Alerts, Data Breach, Security
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
May 10,2018
Public Schools Are Being Attacked by Hackers More Than Ever
Data Breach, Ransomware, Security
Healthcare Malware Prevention
Apr 24,2018
A New Hacker Group is Targeting the Healthcare Industry and Infecting Medical Equipment with Malware
Data Breach, Health Care, Life Sciences, Ransomware
ransomware protection
Apr 11,2018
Less Than Half of Ransomware Victims Recover Their Data After Paying the Ransom Demand
Best Practices, Ransomware, Security
Atlanta Ransomware | Atlanta Bitcoin Ransom
Mar 27,2018
Atlanta’s Computer Systems Infected with Ransomware, Hackers are Demanding Over $50,000 in Bitcoin
Alerts, Ransomware, Security
Crypto Malware Protection | IT Blog
Feb 28,2018
Hackers are Using Malware to Generate Cryptocurrencies
Security
Spectre and Meltdown Vulnerabilities
Feb 13,2018
Spectre and Meltdown Vulnerabilities: What Happened and How to Secure Your Computers
Security
Jan 29,2018
Insider Threats – Your Organization’s Top Security Risk
Alerts, Best Practices, Data Breach, Security
data breach protection | NYC MSSP
Jan 15,2018
Top 3 Causes of Data Breaches
Data Breach, Security
Dec 20,2017
Battling Ransomware: 3 Tips for Health Care Organizations
Best Practices, Data Breach, Health Care, Life Sciences, Ransomware
patient information data security | medical cyber security
Dec 04,2017
Protecting Patient Information from Ransomware
Best Practices, Data Breach, Ransomware
Nov 20,2017
How to Reduce Your Law Firm’s Cyber Risk
Best Practices, Data Breach, Law Firms, Security
Nov 06,2017
How to Protect Your Law Firm and Clients from Phishing Email Scams
Best Practices, Law Firms, Security
Oct 23,2017
Hackers Hold Entire School District To Ransom
Data Breach, Security
data security firm nj
Oct 16,2017
Responding to a Data Breach Best Practices
Best Practices, Data Breach, Security
Oct 02,2017
Why Law Firms Need to Make Cybersecurity a Priority
Best Practices, Law Firms, Security
Apr 04,2017
Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack
Security
Mar 29,2017
Tip of the Week: How to Be Active and Proactive With Your Network
Security
IT Security | Cyber Security NJ
Jan 31,2017
The “S” in HTTPS is More Important Than You May Think
Best Practices, Security
IT Security MSSP NYC
Jan 04,2017
3 Compelling Reasons Why Your Business Should Move to the Cloud
Best Practices

Leave a Comment

Your email address will not be published. Required fields are marked *

eleven + seven =

This site uses Akismet to reduce spam. Learn how your comment data is processed.